Slashdot videos: Now with more Slashdot!

View

Discuss

Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).

KentuckyFC writes "The information within huge, supposedly anonymized data sets can be used to build a detailed picture of an individual's lifestyle and relationships. This data is hugely valuable, which is why many companies already mine the pattern of links in their data to help them build things like recommender systems. Now a group of computer scientists say it is inevitable that a new class of malware will emerge for stealing this behavioral pattern data from social networks. They've analyzed the types of strategies this malware will use to collect information from a real mobile phone database of 800,000 links between 200,000 phones. They point out that the theft of behavioral data can be much more serious than the theft of other personal information. If somebody steals your credit card or computer password, for example, you can just get another card or change your password, thereby limiting the damage. That can't be done with behavioral data, they say. Who would be willing or able to change their real world pattern of person-to-person relationships, friendships and family ties?"

"For in spite of computers and advanced psychologyBehaviour patterns are still a mysteryI predict the future of this earthly human raceIs that having made a mess of Earth They'll move to outer spaceWell there goes the neighbourhoodTotally, completely, absolutely, irrevocably, highly illogical!"

Which is totally pointless if you are a reasonable and dilligent user of your credit card, and actually check your statements every month. Of course maybe they can read from your behavioral patterns if you are an idiot that just pays bills without looking them over first.

No.The point of stealing via fraudulent credit card purchases is not to steal from you, it's to steal from a credit card company.The credit card companies employ a level of behavioural pattern recognition to stop large, unusual transactions on your account. I've had times when I've tried to put an unusual item through on my card and received an immediate phonecall from my credit card provider, asking whether it's me doing the ordering.

If I can sell you the credit card numbers of a bunch of people who I can identify as habitually making purchases of a given type of item, you can then make a series of non-suspicious orders on their cards and get away before they check their statements.

If I can sell you the credit card numbers of a bunch of people who I can identify as habitually making purchases of a given type of item, you can then make a series of non-suspicious orders on their cards and get away before they check their statements.

Well, yes, but then you only get to use the card for that kind of purchase. Which is great if you want to use the stolen number of buying groceries in the same town as the cardholder, but doesn't necessarily let you make large purchases.

>The credit card companies employ a level of behavioural pattern recognition to stop large, unusual transactions on your account
Unfortunately it doesn't always work out that way. My card was blocked the other day (2nd time this month) after spending £2.81 for breakfast in the self service supermarket till that i do a few times a week.

My card was blocked the other day (2nd time this month) after spending £2.81 for breakfast in the self service supermarket till that i do a few times a week.

You're missing the point here. Your breakfast (of bacon, ham, eggs, marmalade and Rock Star) is very high in fats, calories and low in vitamins, minerals and green scratchy things. The credit card company has a vested interest in keeping you alive (dead men don't pay bills). So by hassling you about breakfast they are hoping you go home and ju

They can tailor their attack to your behaviour. For example, most phishing mails are quite easy to spot, simply from the fact that you never have been at the bank this phishing mail sends you to. But imagine someone would know not only your bank, but even your account number. And moreover they know that you are buying a lot on ebay. And they find out that your account is usually not filled very well. Now they can send you a mail, seemingly coming from your bank, containing a message like "Dear Mr. Yourname.

Damn, I should have read that preview. The message should have read:"Dear Mr. Yourname. An attempt to get $<larger than to be expected on your bank account> from your bank account <your account number> [...] bought by member <your ebay ID> [...]"

one of the best tools in fighting financial fraud is people's behavior patterns. I work for a big bank and have several applications which are used for pattern recognition both across a business unit, and across a single customer's account. If you buy something in Rome, than in Dallas Texas, then in Istambul, your account is going to be flagged... But what if someone had your card information plus your geographic habits? There are plenty of opportunities to make fraudulent credit card usage seem much more legitimate to an algorithm, all that is missing is social information... for now.

Better that than the algorithm doesn't pick up the crim buying a 52" plasma TV and surround sound system, brand new PC, and as many BluRay movies as he can carry with your card details because both he and it already knows you're a bit of a technophile.

I recently ordered a netbook for my brother off an online website. The next day I got a call from my credit card company asking me if it was actually me making the purchase. I said yes it was, and THANK YOU for calling me. I feel the same way when I go to use my credit card and they ask for ID. Sure it inconveniences me, but I'd rather have false positives that only require me to say OK when I do something unusual, then someone making fraudulent purchases with my card. I know in the end my credit card compa

I'd be happy, too, if it asked me. My bank just automatically assumed, when I sent a company elsewhere a thousand bucks, that I didn't actually want to, and canceled the charge. Then they couldn't even uncancel it when I called them (and I had to call them - their website was broken). After uncanceling the charge, I had to personally apologize to the overworked KoL staff, and get them to run the charge through again. I wish my bank was like your bank.

Normally I don't mind, but I was a bit irritated I went down to another city (about 8-9h) to visit and pick up my GF. Along the way I stopped several times for gas. On the way back, I stopped again and my card was blocked.

Apparently going outside of my city and buying GAS along the way is enough to trip the pattern recognition, which is somewhat silly as my car's best is about 700-800/tank (45L) and filling up during a 700km (each way) trip is somewhat of a necessity... not to mention the pre-requisite bath

Criminals do not go to that type of effort. It defeats the entire point of being a criminal. To be a criminal is to suffer poor impulse control and to not be a big fan of working.

Most criminals aren't going to break into the Louvre and steal the Mona Lisa. Is it feasible to try? Sure. But, it isn't in the nature of crime to do so. Why? The who point of crime is that a lazy person or a person with poor impulse control can realize high marginal value by doing something illegal. The marginal value of p

The who point of crime is that a lazy person or a person with poor impulse control can realize high marginal value by doing something illegal.

There are parts of the world where there is little opportunity, especially if you're not from the right background. Some of those smart and enterprising people turn to crime. And the internet lets them reach victims across the globe. Disparity of income also contributes to it. Where I live, if a person could steal even just $100 a day he would live quite well. The c

If somebody steals your credit card or computer password, for example, you can just get another card or change your password, thereby limiting the damage.

This remains true. Behavioural data alone is worth nothing.
Also, I'd argue that credit card fraud becomes a lot less interesting when the scammer is limited to buying things that the original card holder would be interested in.

Of course when you get a credit card and the attached information that shows that this is a really rich fucker who rarely checks his bills and spends like a drunken monkey on all kinds of weird ass shit. Well then you know that is a card you are going to be using hard and heavy.

Why risk some strange credit card number when you know a select few can work as real CC's in your area or in other parts of the world.
Sell on in bulk, value added. Stand out in a world of lists as something better, build a brand name for quality at a price.

Must be a new system, because when my CC was skimmed last year in Vegas it took them a week (and about $3000 in purchases) for them to figure out that it was stolen - despite the fact that charges were being made in two different countries on the exact same day. Visa must think I regularly take 8 hour flights to and from Vegas to buy gas, groceries and shop at Best Buy.:\

You are forgetting another important piece that is missing. High value items that would be desirable for a thief to acquire using the stolen info. Most thieves that would go so far as to collect behavioral patterns would not be interested in using the stolen financial info at the local liquor store or CVS. If they want to try to use it at my local pub, I would be very interested in meeting them and asking why they went through so much trouble for such a minimal reward.

. . . with humorous results, as always happens when malware tries to replicate human behavior. Seriously, guys? Does no one remember the golden age of spam, when half the emails in your spam folder were 50% clipped quotes from Jonathan Livingston Seagull?

FTA: "AOL removed the search data from its site over the weekend and apologized for its release, saying it was an unauthorized move by a team that had hoped it would benefit academic researchers."
Why are they saving this search data to begin with other than the profit motive? I highly doubt it was solely to benefit academic researchers.
What are our expectations of privacy when using search engines? Don't we have the right to assume that they do NOT save any personally identifiable information?
Fo

If somebody steals your credit card or computer password, for example, you can just get another card or change your password, thereby limiting the damage. That can't be done with behavioral data, they say. Who would be willing or able to change their real world pattern of person-to-person relationships, friendships and family ties

ooooh. you spent 15 minutes yesterday on google looking for pet carriers. now i know who you will marry!

behavioral data is not mind reading or future predicting. its application is extremely narrow. this story is scaremongering stupid bs

I read TFA and I still don't get it. What is the malicious coder's motivation? I mean, how does he make money knowing that you are friends with x number of other people? Does he sell it to marketers? Does he blackmail you because you have a mistress or something?

What I'm saying is, identity theft, credit card theft, and the like are easy to understand, because there is money to be made by doing it. How does one make money by knowing that Bob is friends with Susan, Bill, and Tracy?

"Who would be willing or able to change their real world pattern of person-to-person relationships, friendships and family ties?"

People in witness protection do it because they have to.

People who are voluntarily in AA or similar lifestyle-change groups may drop certain friends or distance themselves from certain family members because they know they have to in order to overcome their additions.

People who are voluntarily in AA or similar lifestyle-change groups may drop certain friends or distance themselves from certain family members because they know they have to in order to overcome their additions.

It is often seen when overcoming one's additions that it is a negative thing or even sometimes divisive. Ultimately however, it really serves to multiply the positives. Sorry for the tangent.

Sometimes even email gives far too much immediacy. By avoiding mindless social networking, I am left with more time to yell at the kids on my lawn to take their beer bottles and cigarette butts with them when they go.